Here's a shocking fact I've learned from 25-plus years of security consulting: Most security projects fail to improve the safety of the organizations launching them. Security will be compromised as frequently after the project as before.
To put it bluntly, most computer security projects are a waste of time and money.